Alpha
Connect Claude to TallyUp.
Talk to Claude Desktop, Cursor, or Claude Code. They read and write your TallyUp data directly — no copy-paste, no bulk-import tool, no binary to install. Three steps, free.
How it works
TallyUp speaks the Model Context Protocol over HTTP, with OAuth 2.1 + PKCE for authorization. Paste https://tallyup.work/mcp into your MCP client, click Allow on the consent screen, and Claude can list your assets, file bills, decode VINs, mark maintenance done, and more, on your behalf. Every write is tagged with the connection that made it; if anything goes sideways you can revoke from /account/api-keys in one click.
tallyup.work. New connections are a paste + click; no JSON editing, no API keys to manage.
Setup
Get a TallyUp account
If you don't have one, create one for free. The first user on a fresh install becomes admin automatically.
Add the TallyUp MCP server in your client
Modern MCP clients (Claude Desktop ≥ Dec 2025, Claude Code, ChatGPT desktop, MCP Inspector) discover the OAuth flow automatically. Paste this URL where the client asks for an MCP server URL:
https://tallyup.work/mcpClaude Desktop
Settings → Connectors (or MCP servers on older builds) → Add custom server, paste the URL above. The app opens TallyUp in your browser, signs you in if needed, and shows a consent screen.
Claude Code (CLI)
One command — Claude Code handles the OAuth handshake on your behalf:
claude mcp add --scope user --transport http tallyup https://tallyup.work/mcpThen /exit any running Claude Code session and start a new one — your browser will open for the consent click on first use.
Cursor / other MCP clients
Add a new MCP server with type HTTP and URL https://tallyup.work/mcp. The client will redirect you through TallyUp for sign-in + consent.
Click "Allow"
You'll see a consent screen on tallyup.work listing the connecting client (e.g. "Claude Desktop") and the access being requested (mcp.access — read + write everything you can already see). Click Allow access. The browser hands you back to the client; you're done.
You can revoke the connection anytime from /account/api-keys.
Headless / API-key path (still supported)
For scripts, CI jobs, or older clients that can't follow the OAuth redirect, the original Bearer-token path still works. Generate a tau_… key at /account/api-keys and pass it as Authorization: Bearer tau_… on every request to /mcp. Existing keys keep working — no migration required.
What can it do?
Claude sees a small set of read and write tools, plus utilities like a free NHTSA VIN decoder. The full list as of today:
| Tool | What it does |
|---|---|
| list_assets | Every asset the caller can see, with optional filters by kind / parent. |
| get_asset | One asset by id. Cross-account reads return "not found". |
| list_asset_kinds | The kind taxonomy (residential / vehicle / computer / your custom kinds). |
| list_groups | Groups you're a member of, admin of, or viewer of. |
| list_bills_upcoming | Bills due in the next N days (default 60). |
| list_maintenance_upcoming | Maintenance items due in the next N days. |
| decode_vin | VIN → year, make, model, trim, engine, transmission, plant, etc. (NHTSA vPIC, free.) |
| create_asset | Add an asset; owner is you or a group you can write to. Optional external_id for re-import dedup. |
| create_group | Create a household / LLC / partnership / etc. Caller becomes admin + viewer (not a 100% member). |
| create_bill | File a bill against an asset, group, or yourself. |
| mark_bill_paid | Record a payment and flip the bill to paid. |
| create_maintenance_item | Schedule maintenance on an asset / group / yourself. |
| mark_maintenance_completed | Mark done with optional cost, mileage, or hour-meter. |
| add_usage_reading | Mileage / hour-meter / kWh reading against an asset. |
| add_value_record | Point-in-time valuation snapshot. |
Try it
Once the client is configured, try one of these in chat:
- "List the assets in my TallyUp account."
- "I just bought a 2024 Toyota Tacoma, VIN 3TYRX5GN1RT123456. Add it to my assets at 123 Main St, Vancouver WA." Claude calls
decode_vin, thencreate_assetwith the suggested name and address. - "Show me what's due in the next 30 days." Claude calls
list_bills_upcomingandlist_maintenance_upcoming. - "Add a new household group called Smith Family — I'm not a member, just an admin." Claude calls
create_group; you can then add the Smiths as members from /groups.
Safety: rolling back a bad import
Every row Claude creates is tagged with the API key that made it. If a session goes sideways, you can recover from one place:
- Visit /account/api-keys.
- Click Records next to the key.
- See the per-table count of what that key wrote (assets, bills, maintenance, income, valuations, payments). Optionally narrow by date window.
- Click Delete — type the key prefix to confirm — and the rows go away in dependency order.
You can also Revoke the key at any time. Existing rows stay; future calls 401.
Treat keys like passwords
tau_… token can do whatever your account can do (within the key's scope). Don't paste them into chat logs, screenshots, or shared config files. Keys are stored hashed on our side; we can't recover one once you've left the reveal page.
- Use scope-limited keys when possible — a read-only key for a dashboard is much cheaper to lose than a read+write key.
- Use a different key per client (one for Claude Desktop, one for Cursor, one for a script) so revoking one doesn't break the others.
- Keys can have an expiry (DB-supported; UI exposing it lands soon).
Limits today
- No rate-limiting. Don't share keys with bots that loop hard. Use the Records page to spot runaway writes.
- No streaming for long-running tools. Every response fits in a single MCP message.
- One scope (
mcp.access) for OAuth-issued tokens. Granular scopes (read-only vs. read+write) are still available on the legacytau_…path; OAuth scope partitioning is on the roadmap. - Stateless. Each request stands alone — no sticky sessions between calls.
Need help?
Open an issue or send a note via your account page. The MCP spec is also a good read if your client misbehaves — most issues are config-file paths or forgetting to fully quit and relaunch.